Launchpad has imported 9 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=811392.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
Launchpad has imported 14 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=804093.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
** Changed in: samba (Debian)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/978458
Title:
CVE-2012-1182: root credential remote code execution
To
** Also affects: samba (Ubuntu Precise)
Importance: High
Assignee: Tyler Hicks (tyhicks)
Status: Confirmed
** Changed in: samba (Ubuntu Precise)
Milestone: None => ubuntu-12.04
** Changed in: samba (Ubuntu Precise)
Status: Confirmed => In Progress
** Tags added:
** Also affects: samba (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: samba (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: samba (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects: samba (Ubuntu Oneiric)
Here is my proposed debdiff for Precise. I'll need a sponsor for this to
make it into the release.
I've built a package locally with this debdiff. I sanity checked it
using the 'umt compare-log', 'umt compare-bin', and 'umt check' tools. I
tested it with the reproducers from ZDI, as well as
Hi Tyler,
+1 on the diff, that looks good.
Note that an alternative to shipping the second patch is to update the
generated files from the package itself, so the diff isn't massive; this
would require adding make -C source3 samba3-idl as part of the build
step and adding libparse-yapp-perl to
Thanks Jelmer! You've probably already noticed, but jdstrand has
sponsored it.
I was wondering if we could generate the PIDL generated code at build
time, but I decided against it for the sake of making cherry-picking from
upstream stable branches easy in the future. Upstream has rerun the PIDL
Ok, now I see that the 3.6 upstream branch places the samba3-idl target
underneath 'make all', so I assume that they are now relying on the code
generation to happen at build time. Can you confirm this, Jelmer?
If that's the case, then we probably do want to follow that convention
in our 3.6.x
The attachment samba_3.6.3-2ubuntu2.debdiff of this bug report has
been identified as being a patch in the form of a debdiff. The ubuntu-
sponsors team has been subscribed to the bug report so that they can
review and hopefully sponsor the debdiff. In the event that this is in
fact not a patch
** Branch linked: lp:ubuntu/precise-proposed/samba
This bug was fixed in the package samba - 2:3.5.11~dfsg-1ubuntu2.2
---
samba (2:3.5.11~dfsg-1ubuntu2.2) oneiric-security; urgency=low
* SECURITY UPDATE: Unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/CVE-2012-1182-1.patch: Fix PIDL
This bug was fixed in the package samba - 2:3.5.8~dfsg-1ubuntu2.4
---
samba (2:3.5.8~dfsg-1ubuntu2.4) natty-security; urgency=low
* SECURITY UPDATE: Unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler
This bug was fixed in the package samba - 2:3.4.7~dfsg-1ubuntu3.9
---
samba (2:3.4.7~dfsg-1ubuntu3.9) lucid-security; urgency=low
* SECURITY UPDATE: Unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler
This bug was fixed in the package samba - 3.0.28a-1ubuntu4.18
---
samba (3.0.28a-1ubuntu4.18) hardy-security; urgency=low
[ Steve Beattie ]
* SECURITY UPDATE: unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/security-CVE-2012-1182.patch:
** Branch linked: lp:ubuntu/lucid-security/samba
** Branch linked: lp:ubuntu/oneiric-security/samba
** Branch linked: lp:ubuntu/natty-security/samba
** Branch linked: lp:ubuntu/hardy-security/samba
This bug was fixed in the package samba - 2:3.6.3-2ubuntu2
---
samba (2:3.6.3-2ubuntu2) precise-proposed; urgency=low
* SECURITY UPDATE: Unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate
Thanks, Ryan! We are aware of the issue and we are currently working on
an update.
** Changed in: samba (Ubuntu)
Status: New => Confirmed
** Changed in: samba (Ubuntu)
Assignee: (unassigned) => Tyler Hicks (tyhicks)
** Changed in: samba (Ubuntu)
Importance: Undecided => High
--
** Changed in: samba (Debian)
Status: Unknown => New
** Bug watch added: Red Hat Bugzilla #804093
https://bugzilla.redhat.com/show_bug.cgi?id=804093
** Also affects: samba (CentOS) via
https://bugzilla.redhat.com/show_bug.cgi?id=804093
Importance: Unknown
Status: Unknown
** Bug watch added: Red Hat Bugzilla #811392